authorLennart Poettering <lennart@poettering.net>2014-06-11 10:23:16 +0200
committerLennart Poettering <lennart@poettering.net>2014-06-11 10:29:01 +0200
commit176f2acf8dee45fee832fd2ab07243f63783a238 (patch)
tree05f15a99edc2225e5e5b9062e1cdccafb04705b4
parente90738c9bbf626be2d7f6a562ed427f4fc3ec238 (diff)
tmpfiles: don't allow read access to journal files to users not in systemd-journal
Also, don't apply access mode recursively to /var/log/journal/*/, since that might be quite large, and should be correct anyway.
-rw-r--r--tmpfiles.d/systemd.conf7
1 files changed, 4 insertions, 3 deletions
diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf
index b07d0504aa..fbc47823db 100644
--- a/tmpfiles.d/systemd.conf
+++ b/tmpfiles.d/systemd.conf
@@ -20,7 +20,8 @@ d /run/systemd/netif 0755 systemd-network systemd-network -
d /run/systemd/netif/links 0755 systemd-network systemd-network -
d /run/systemd/netif/leases 0755 systemd-network systemd-network -
-z /var/log/journal 2755 root systemd-journal - -
-Z /var/log/journal/%m ~2755 root systemd-journal - -
z /run/log/journal 2755 root systemd-journal - -
-Z /run/log/journal/%m ~2755 root systemd-journal - -
+Z /run/log/journal/%m ~2750 root systemd-journal - -
+
+z /var/log/journal 2755 root systemd-journal - -
+z /var/log/journal/%m 2755 root systemd-journal - -
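Review bot: The added `/var/log/journal/%m` line keeps the directory at 2755 and is no longer recursive, while only `/run/log/journal/%m` is tightened to `~2750`, so for the persistent journal the restriction named in the commit title rests entirely on the modes the journal files already carry. On an upgraded system, files under `/var/log/journal/%m` that the removed recursive `~2755` line may already have left readable by others are not tightened by this change, and the directory stays listable by users outside systemd-journal. If the asymmetry is deliberate (for example so that access granted per file keeps working, which is an assumption and not visible here), a comment above the two `/var` lines such as `# Not recursive: journal files keep the mode they were created with; directory stays traversable` would record that. Otherwise `z /var/log/journal/%m 2750 root systemd-journal - -` would match the `/run` entry.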